02/26/2008 09:27:37
Quick Tips On IDS Rule, Alerts & Database Optimization
From Joel’s post:
If you have events in your IDS DB, you should look at them. That’s the reason you have an IDS/IPS. To review the events (and in the case of IPS, prevent the attacks) and make sure the evil hax0rs are not getting you. If you have events in your current DB that are a month old, that tells me either one of two things:
A) You don’t care about your alerts
B) You have too many alerts, and you don’t have a system.
So let me help you get a system.